Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/yzI_YVQANoJtAkIWbpLmolxXLtc.roa
File:                     yzI_YVQANoJtAkIWbpLmolxXLtc.roa (raw, json)
Hash identifier:          1HI2nnPzR9fmhXQjPpk1q1wGSMIt960qWCZ335hhWZk=
Subject key identifier:   CB:32:3F:61:54:00:36:82:6D:02:42:16:6E:92:E6:A2:5C:57:2E:D7
Certificate issuer:       /CN=d9d0318f2685e32d2dba923f6662771427359738
Certificate serial:       018CC3B7036208EA2F4B8662D5177B4D1567
Authority key identifier: D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/yzI_YVQANoJtAkIWbpLmolxXLtc.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51103
IP address blocks:        2001:1b28:405::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:03:62:08:ea:2f:4b:86:62:d5:17:7b:4d:15:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d0318f2685e32d2dba923f6662771427359738
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb323f61540036826d0242166e92e6a25c572ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:77:ee:55:c8:4b:81:5a:22:68:f6:81:07:9c:
                    d8:65:22:a3:71:55:e9:e8:2f:19:b2:a9:3c:e5:d8:
                    57:1e:e1:e3:ff:33:02:3f:5c:ba:fa:f1:f0:2f:e9:
                    26:da:42:bd:f8:27:81:18:f8:d8:47:49:87:51:52:
                    9e:a3:72:e5:3c:e2:9c:ab:bd:f4:fe:71:d0:27:d9:
                    d7:cd:3b:f0:01:15:3c:d7:8e:25:74:20:59:7f:53:
                    95:9a:c3:d9:8c:5c:cc:c6:f3:e5:ce:28:fa:af:0b:
                    10:40:8f:e9:bd:df:80:90:62:7a:b9:2a:8f:6e:64:
                    8f:b6:98:5b:19:c2:95:94:f6:ec:3c:da:e7:23:b4:
                    b4:47:c2:a2:40:c1:02:1f:3f:a9:a5:74:e8:d8:76:
                    cc:54:46:14:68:0d:56:66:65:e4:74:d4:66:9b:8b:
                    0a:3e:36:39:9a:cb:34:44:80:26:45:6f:51:4a:b7:
                    75:3c:dc:50:27:ef:11:00:d2:98:6f:1f:64:0c:05:
                    2f:d2:8e:7e:19:5e:16:b9:11:3b:9b:96:13:73:21:
                    c9:ff:2c:de:69:4c:72:5f:5a:42:63:29:08:db:4b:
                    77:09:7b:08:6a:d8:cd:88:09:2c:ea:be:22:2e:42:
                    37:02:ef:68:61:10:02:58:16:f1:5a:d7:33:cc:9b:
                    92:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:32:3F:61:54:00:36:82:6D:02:42:16:6E:92:E6:A2:5C:57:2E:D7
            X509v3 Authority Key Identifier:
                keyid:D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/yzI_YVQANoJtAkIWbpLmolxXLtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1b28:405::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:e4:0e:52:bb:72:f5:08:38:cb:75:7f:f8:16:11:33:10:63:
         a3:76:13:37:5b:69:36:ab:c8:32:dc:d1:31:2f:3a:0c:fb:36:
         04:9e:ff:ee:95:91:8b:87:0c:32:c8:43:a4:6a:8f:77:c2:8a:
         3f:c7:e0:7c:50:ae:1a:e8:c5:2e:c1:f1:1f:24:0f:d9:50:86:
         73:3e:5f:17:ef:0a:4c:1d:92:74:73:27:6f:e4:31:7b:03:51:
         69:a0:19:63:f3:b0:be:18:8f:2a:b7:d3:66:fd:61:5d:e5:82:
         99:4a:2e:83:84:b0:d1:76:c1:a2:54:32:b5:d9:4f:3c:13:3e:
         11:bc:c0:1b:a4:9d:47:bc:f1:04:8c:65:7b:a1:99:58:01:b3:
         93:09:d8:3e:81:4c:28:15:65:4f:01:4d:20:a7:20:7b:83:af:
         a2:fa:02:0e:55:60:3a:db:74:7c:f1:f8:96:6a:a3:4c:42:ae:
         96:c0:65:22:73:4f:9d:31:35:55:97:d1:c4:76:87:68:7a:ee:
         7c:14:53:88:c3:10:17:c1:cf:80:e6:2d:0b:63:84:b6:44:39:
         37:1f:27:4d:34:9f:89:00:50:40:5f:11:87:8d:c2:81:b7:03:
         b1:a6:74:2b:7d:d2:ea:9e:45:32:c0:94:87:27:21:4f:99:c2:
         88:2d:ed:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtwNiCOovS4Zi1Rd7TRVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDAzMThmMjY4NWUzMmQyZGJhOTIzZjY2NjI3NzE0Mjcz
NTk3MzgwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMyM2Y2MTU0MDAzNjgyNmQwMjQyMTY2ZTkyZTZhMjVjNTcyZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinfuVchLgVoiaPaBB5zYZSKjcVXp
6C8Zsqk85dhXHuHj/zMCP1y6+vHwL+km2kK9+CeBGPjYR0mHUVKeo3LlPOKcq730
/nHQJ9nXzTvwARU8144ldCBZf1OVmsPZjFzMxvPlzij6rwsQQI/pvd+AkGJ6uSqP
bmSPtphbGcKVlPbsPNrnI7S0R8KiQMECHz+ppXTo2HbMVEYUaA1WZmXkdNRmm4sK
PjY5mss0RIAmRW9RSrd1PNxQJ+8RANKYbx9kDAUv0o5+GV4WuRE7m5YTcyHJ/yze
aUxyX1pCYykI20t3CXsIatjNiAks6r4iLkI3Au9oYRACWBbxWtczzJuSwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMsyP2FUADaCbQJCFm6S5qJcVy7XMB8GA1UdIwQY
MBaAFNnQMY8mheMtLbqSP2ZidxQnNZc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEt
OTZkZGQ1YTAyMzlkLzEveXpJX1lWUUFOb0p0QWtJV2JwTG1vbHhYTHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEtOTZkZGQ1YTAyMzlk
LzEvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEbKAQF
MA0GCSqGSIb3DQEBCwUAA4IBAQA05A5Su3L1CDjLdX/4FhEzEGOjdhM3W2k2q8gy
3NExLzoM+zYEnv/ulZGLhwwyyEOkao93woo/x+B8UK4a6MUuwfEfJA/ZUIZzPl8X
7wpMHZJ0cydv5DF7A1FpoBlj87C+GI8qt9Nm/WFd5YKZSi6DhLDRdsGiVDK12U88
Ez4RvMAbpJ1HvPEEjGV7oZlYAbOTCdg+gUwoFWVPAU0gpyB7g6+i+gIOVWA623R8
8fiWaqNMQq6WwGUic0+dMTVVl9HEdodoeu58FFOIwxAXwc+A5i0LY4S2RDk3HydN
NJ+JAFBAXxGHjcKBtwOxpnQrfdLqnkUywJSHJyFPmcKILe2e
-----END CERTIFICATE-----